In automotive cybersecurity news this week were Kaspersky, CSS, ISARA, Virtual Forge, CarBlock, YourMechanic and IHS Markit.
Kaspersky Finds Aftermarket Tools Are Vulnerable
Kaspersky Lab warns that aftermarket add-on devices to make cars connected can be dangerous.
Darknet ads advertise accounts granting access to hacked cars from anywhere in the world. Hackers have designed tools mostly in the USB interface — and selling gadgets that let owners substitute the car’s security certificate to gain access to features such as remote start, connect to internet, exchange data and other alternative solutions. As a result, many “alternative” smart car solutions have found their way online.
Kasperky experts studied multiple forums and sales platforms offering a variety of tools and programs for smart connected car features. They presented their findings at the RSA 2018 conference, in San Francisco. For example, they found special modules for resetting the mileage or reloading the airbags after an accident, saving on maintenance, as well as tools for diagnosis and unlocking paid features, pirated navigation apps, and unlicensed accessories. Naturally, those products were all quite a bit less expensive than what manufacturers offer.
Attackers who create “useful” programs for car owners to unlock features get almost unlimited control over the vehicle, depending on what code was injected into the firmware. They can monitor the car’s movements, eavesdrop on conversations, or access a smartphone connected to the system. Or they could turn off the alarm and unlock the doors.
Enterprising cybercriminals might even inject ransomware, preventing the vehicle from moving until the owner pays up in cryptocurrency.
Kaspersky claims that evev automakers still underestimate the importance of patching vulnerabilities, meaning that many threats remain active to this day. Until the situation changes radically, car owners need to take responsibility for their own security.
- Use only official apps and accessories. Remember the aphorisms in this post — it doesn’t pay to be cheap.
- Service your vehicle properly and update its firmware regularly. Don’t ignore firmware updates for your model — most likely they’ll fix some issues before you have to deal with them.
- Scan mobile apps for connected cars with antivirus. That way, intruders won’t be able to steal registration data from your smartphone for resale on the black market.
CSS & ISARA Quantum PKI
Certified Security Solutions (CSS), the leader in Public Key Infrastructure (PKI) based digital identity software and services, and ISARA, the leading provider of security solutions for the quantum computing age, announced today that their innovative partnership has resulted in release of the world’s first quantum-safe, full-stack PKI solution.
With the new PKI solution, the automotive industry has the ability to ensure that its over-the-air (OTA) software updates are secure against attack from today’s conventional systems and quantum computers in the future. By deploying a quantum-safe PKI today, carmakers can accomplish mass software updates at scale without the burden of extremely complicated (nearly impossible) recalls and dealer visits when current classic Roots of Trust become unsafe with the dawn of large-scale quantum computers. Connected vehicles on the road today, and all connected vehicles in development, will need protection from the potential negative effects of large-scale quantum computers.
Virtual Forge Scans SAPUIT
Virtual Forge, the leading provider of cyber security solutions for SAP, announced its CodeProfiler for HANA is now able to scan the SAPUI5 programming language. The company also announced new patents pending for the technology. CodeProfiler for HANA enables companies to run automated quality and security checks on their custom developments as lines of code are being developed on the SAP HANA platform.
Virtual Forge’s CodeProfiler for HANA provides developers with detailed feedback on the code quality of SAPUI5-based business applications, even as developers write the code – similar to the spell-checking functionality of a word processor. HANA differs fundamentally from other SAP technologies, making it difficult for programmers to maintain the security, performance levels, overall code quality and compliance necessary for custom SAP-developed programs.
CarBlock Blockchain with nonda
CarBlock, the world’s first blockchain-based transportation solution built on data generated by smart devices, announced their partnership with nonda. This new partnership reflects CarBlock’s commitment to empowering drivers to use their data and ultimately earn rewards for providing said data to companies in need.
nonda is already a leading smart device company and provides a fleet of devices that allow any car to become a connected car, regardless of its make or model. The ZUS Connected Car System, includes a Smart Car Charger, Smart Tire Safety Monitor, Smart Vehicle Health Monitor, Wireless Smart Backup Camera, Car Key Finder and Universal HD Audio Adapter. Each device is powered by the ZUS Smart Driving Assistant App (iOS/Android) and can be purchased through retailers like WalMart and Best Buy, or at various online retailers.
CarBlock is a decentralized blockchain platform and ecosystem that serves the entire automotive and transportation industry. While the internet has enabled the flow of information, CarBlock will do the same for data and assets. This increased access to data will enable businesses to make better decisions and stimulate a more efficient operation for them on CarBlock, while attracting individuals, teams, universities and research institutions to join the ecosystem and eventually change the entire automotive and transportation industry.
CarBlock and nonda will continue to explore the many opportunities that this partnership enables and will be able to build and expand together as the CarBlock Partner Family grows over time.
CarBlock Partners with YourMechanic for Expanded Data
CarBlock, the world’s first blockchain-based transportation solution built on data generated by smart devices, iannouncee their new partnership with YourMechanic, the nation’s largest online marketplace for car repair services. This partnership will allow YourMechanic access to expanded vehicle data to better serve their customers and provide more accurate pricing.
“Protecting data privacy and facilitating data transaction with user consent is at the core of CarBlock,” said Julie Wang, Co-Founder, CarBlock. “This partnership enables CarBlock to provide robust automotive data and strong community to YourMechanic’s clients throughout the US. We are confident that together, we can create a vast network of users that will be able to capitalize on the data they collect while keep all personal data protected by our blockchain technology.”
Founded in 2012, YourMechanic set the goal to make car repair and maintenance affordable, convenient, and transparent. Car owners are able to request quotes, book services and access advice from expert mechanics about their cars through their website and mobile app. YourMechanic connects the customers and the mechanics directly, ensuring better communication and convenience for all parties.
Together, CarBlock and YourMechanic will be able to provide expanded services and offerings to both of their communities. As both companies expand they will continue to grow their partnership to help empower drivers to share their data and earn more rewards. All while providing accurate and complete data-sets to companies, developers and manufacturers around the globe.
IHS Markit Analyses of 35 Cybersecurity Risk Factors
Business information provider IHS Markit announced that Research Signals, its quantitative equity research product, has enhanced its factor-based investment analyses with 35 cybersecurity risk factors on more than 3,000 public companies. The cybersecurity risk factors are based on security ratings from BitSight, a leading provider of actionable risk intelligence, and deliver investment risk indicators for institutional investors.
“Cybersecurity weakness is an important risk that investors need to monitor, and cases such as Equifax underscore the consequences of data breaches on stock prices,” said Chris Hammond, executive director, Research Signals at IHS Markit. “BitSight Security Ratings provide a quantitative measure of a specific company’s cybersecurity risk, which fits well into quant models and risk models. It’s an example of how alternative data can help investors make better decisions and monitor risks in their portfolio that they were unable to capture in the past.”
Data breaches and cyber incidents can damage a company’s reputation and share price; one recent study found that share prices fall by an average of 5 percent after the disclosure of a data breach. For portfolio managers, having daily insight on cybersecurity risk can enable more informed investment decisions.
“Cyber-attacks can result in significant financial impact to the bottom line, but many investors remain in the dark about the security performance of their portfolio companies,” said Jacob Olcott, VP of Strategic Partnerships at BitSight. “BitSight Security Ratings provide investors critical cybersecurity information that helps them make better investment decisions. We are glad to work with IHS Markit on this groundbreaking offering for the investor community.”
The BitSight Security Rating Platform generates objective, quantitative measurements on a company’s security performance to produce daily security ratings ranging from 250 to 900. BitSight analyzes security events including malware, vulnerabilities, user behaviors, and more and applies sophisticated algorithms to produce these ratings, which are derived using externally observable, non-intrusive methods.
“The digitalization of data has created opportunities for cybercriminals, and as markets become more automated, there are more channels for data breaches,” said Virginie O’Shea, research director at Aite Group. “Across sectors, companies are taking action to reduce cybercrime, but they must continue to be aware of any risk that can emerge along with innovation.”
Research Signals from IHS Markit provides investment analyses on more than 30,000 securities in 80 countries, supporting selection and strategy development for asset managers, fund administrators, hedge funds and investment banks. With more than 400 factors studied and 20 years of historical data, the Research Signals team focuses on traditional and specialty themes such as value, quality, momentum, short interest, social media sentiment, ESG and cybersecurity.
You are welcome to subscribe to receive email notification of publication of Connected Car News Cybersecurity, you can also get weekly news summaries or daily emails.